Control Category: Data Minimization and Retention
-
Anonymize information
Read more: Anonymize informationAnonymize information whenever possible and separate access to identified and de-identified data sets. For physical media store identified information in a separate locked file cabinet.
-
Data Retention
Read more: Data RetentionObserve applicable data retention policies upon project completion. Securely delete the information if possible. If you must retain a copy of information at this level, ensure that it remains secure.
-
Secure destruction
Read more: Secure destructionDestroy devices and media that are no longer needed in a way such that no information can be recovered.
-
Data minimization
Read more: Data minimizationLimit the storage and collection of data at this risk level to that which is necessary to accomplish the legitimate purpose for which it is collected.
-
Secure deletion
Read more: Secure deletionSecurely delete information when it is no longer required by means that make it impossible to reconstruct the records.